CVE-2022-41423 Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.
This could result in a crash during execution of a malicous javascript code.
The vulnerability is rated as critical due to the possibility of remote code execution.
Bento4 v1.6.0-639 was discovered to have a SQL Injection vulnerability in the Access Log Settings component.
It is possible for an attacker to inject SQL code and thus control the database.
The SQL code can be used to view data, create new data entries, or delete data entries.
Bento4 v1.6.0-639 was discovered to have a XSS hole in the Access Log Settings component.
It is possible for a remote attacker to inject malicious data into system logs and capture sensitive information such as authentication hashes and cookies via the logs.
Bento4 v1.6.0-639 was discovered to have a XSS hole in the Package Settings component.
It is possible for a remote attacker to inject malicious data into system settings and capture sensitive information such as authentication hashes and cookies via the settings.
Bento4 v1.6.0-639 was discovered to have a XSS hole in the Mail Settings component.
It is possible for a remote attacker to inject malicious data into system settings and capture sensitive information such as authentication hashes and cookies via the settings.
Bento4 v1.6.0-639 was discovered to have a XSS hole
Installation Instructions:
Install the latest version of Bento4
Download, install and configure the plugin using the following instructions:
Timeline
Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/05/2022 13:19:00 UTC